http call and response leading to invalid_credentials error with familysearch strategy

[genlighten]

I'm trying to authenticate with the FamilySearch API using the omniauth-familysearch gem and omniauth-oauth2 (v 1.3.1, oauth 1.3.0 and omniauth 1.4.2). After entering my (valid) credentials into the FamilySearch login window, omniauth returns an "invalid_credentials" error to my failure callback method:

Started GET "/users/auth/familysearch/callback?code=11-85114-101512078-82209172-11710320-53-353166-34-119-838040-127-57351257457-2-61111&state=0ab7fab1dd40f78669b35799c9f8207c45ee1c3b584719d1" for ::1 at 2017-02-14 18:35:37 -0800
I, [2017-02-14T18:35:37.953526 #2654] INFO -- omniauth: (familysearch) Callback phase initiated.
E, [2017-02-14T18:35:38.555537 #2654] ERROR -- omniauth: (familysearch) Authentication failure! invalid_credentials: OAuth2::Error,
Processing by Users::OmniauthCallbacksController#failure as HTML

FamilySearch support is happy to help me debug this issue, but I need to be able to give them the actual HTTP call that I'm making, the associated parameters and the HTTP response received when I get the error.

I've managed to display the request and response objects in the console, but it's not clear to me what info I can extract from them that will help with debugging the error. Can you offer suggestions for where I might focus my efforts most productively? I'm new to oauth2 and to accessing web applications via APIs in general.

Thanks!

Dean Richardson
Genlighten.com

Code snippets:

devise.rb initializer code referencing FamilySearch as an oauth2 provider:

 # ==> OmniAuth
  # Add a new OmniAuth provider. Check the wiki for more information on setting
  # up on your models and hooks.
  config.omniauth :familysearch, ENV['FS_APP_TOKEN'], '', :client_options => { :site => 'https://identbeta.familysearch.org' }

upload_to_memories method in FamilySearchController:

  def upload_to_memories
    @code = PostFileToMemories.call(@account, @project_upload)
    if @code == 401
      puts "got 401, getting ready to redirect_to user_omniauth_authorize_path"
      redirect_to user_omniauth_authorize_path(:familysearch, :state => "#{@project_upload.id}&memories")
    elsif @code == 201
      flash[:success] = "Your image was successfully uploaded to your Memories gallery on FamilySearch"
      redirect_to project_path(@project, :active => "uploads", :sn => "provider")
    else
      puts "@code=#{@code}"
      flash[:alert] = "We weren't able to upload your image to FamilySearch."
      redirect_to project_path(@project, :active => "uploads", :sn => "provider")
    end
  end

PostFileToMemories service object:

class PostFileToMemories
	def self.call(account, project_upload)
	  begin
	    response = HTTP.auth("Bearer #{account.fs_access_token}")
	      .headers('Content-Type' => "#{project_upload.photo.content_type}", 'Content-Disposition' => "attachment; filename=\"#{project_upload.photo.original_filename}\"")
	      .post("https://beta.familysearch.org/platform/memories/memories",
	        :form => { :type => 'Photo' },
	        :params => { :title => "#{project_upload.title}", :description => "#{project_upload.description}" },
	        :body => "#{HTTP::FormData::File.new("#{project_upload.photo.path(:original)}")}"
	      )
	  rescue
	  	puts "got to rescue in PostFileToMemories"
	  	puts response.to_s

	  end

	  code = nil
	  if response
	  	code = response.code
	  end
	  code
	end
end

[skudryk]

I have the same issues, error raised here https://github.com/omniauth/omniauth-oauth2/blob/master/lib/omniauth/strategies/oauth2.rb#L78 most of all because of wrong request params to specific Provider to get authentication token during callback_phase

[strausmann]

I have the same problem with the login to the billing system WHMCS for the support system Zammad.

How can we analyze and solve the problem more precisely?